Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I have been working on a form that uses PHP to send e-mails to my account. To save room and de-clutter my mailbox account I am now trying to now use the same PHP to send the info to a MySQL server to log the data. The code I have been trying to make work keeps giving the same error of:
Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future
Here is the PHP code that I am currently trying to use:
$host = 'localhost';
$username = 'root';
$password = '';
$dbname = 'on-boarding';
mysql_connect($host,$username,$password);
mysql_select_db($dbname);
mysql_query("INSERT INTO new_employees ('OnBoardedBy', 'EmployeeName', 'HomePhone') VALUES ('$onboarded_by','$employee_name','$home_phone')");
You should use PDO or MySQLi. I'd recommend directly to use PDO and not MySQLi. PDO has a better integration of Prepared Statements. Do it like this:
try {
$db = new PDO("mysql:host=".$host.";dbname=".$db.";charset=utf8", $user, $password);
} catch(PDOException $e) {
die("Unable to connect. Error: ".$e->getMessage());
}
$link = $db->prepare("INSERT INTO new_employees (`OnBoardedBy`, `EmployeeName`, `HomePhone`) VALUES (?, ?, ?)");
$link->bindvalue(1, $onboarded_by);
$link->bindvalue(2, $employee_name);
$link->bindvalue(3, $home_phone);
$link->execute();
$row = $link->fetch(PDO::FETCH_ASSOC);
edit: Let me add an example for a prepared query.
PHP is not going to support the MySQL extension for much longer anymore. It is recommend to use MySQLi or PDO.
$host = 'localhost';
$username = 'root';
$password = '';
$dbname = 'on-boarding';
$link = mysqli_connect('$host', '$username', '$password', '$dbname');
mysqli_query($link, "INSERT INTO new_employees (`OnBoardedBy`, `EmployeeName`, `HomePhone`) VALUES ('$onboarded_by','$employee_name','$home_phone')");
Prepared statements are much safer and avoid the risk of sql injection: http://php.net/manual/en/mysqli.prepare.php
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
How can I insert data from a table to another table after the clicking of a button using PHP and MySQL?
Following php script can be used to fetch values from one Table and insert data into another table:
<?php
$servername = "localhost"; //if running on localhost
$username = "root"; // if running on localhost
$password = ""; // empty for mysql default password
$dbname = "database name";
$conn = mysqli_connect($servername, $username, $password,$dbname);
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
if (isset($_POST['name of button'])) { // if button is clicked the following code will be executed
$sql_db1 = "SELECT * FROM `table_name_1` WHERE condition"; // if you want to select data based on some constraint.
$sql_db1_query = mysqli_query($conn,$sql_db1); // mysqli_query takes 2 parameters -> connection to database and sql query.
while($row = mysqli_fetch_array($sql_db1_query)){
$sql_db2 = "INSERT INTO `table_name_2`(`column1`,`column2`,`column3`,`column4`) VALUES($row['column1'],$row['column2'],$row['column3'],$row['column4'])"; //'column1' inside $row[] and so on should be replace by the column names of the table in which you want to insert the data
$sql_query_db2 = mysqli_query($conn,$sql_db2);
}
}
?>
I think this takes a little more than a simple answer, try reading a php-mysql tutorial:
https://www.w3schools.com/Php/php_mysql_intro.asp
In plain Mysql you just need a "insert into" statement with a select, as explained here. Then you'll just need to create a php statement to execute this SQL.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
Is this code safe to use for my website? Without sql injections or hacking, yes or no? I dont want to be hacked etc.
<?php
$db = new mysqli ("localhost", "-", "-", "-");
if($_GET['look'] && $_GET['username'])
{
$username = $db->real_escape_string($_GET['username']);
$look = $db->query("SELECT look FROM users WHERE username = '".$username."'")->fetch_assoc();
echo $look['look'];
}
if($_GET['missie'] && $_GET['username'])
{
$username = $db->real_escape_string($_GET['username']);
$motto = $db->query("SELECT motto FROM users WHERE username = '".$username."'")->fetch_assoc();
echo $motto['motto'];
}
if($_GET['while'] && $_GET['status'])
{
$status = $db->real_escape_string($_GET['status']);
$motto = $db->query("SELECT * FROM users WHERE motto = '".$status."'");
while($lol = $motto->fetch_assoc()) {
echo $lol['username'] . '/';
}
}
?>
And how can i improve it?
If you look at the function description for mysql_real_escape_string, it states
mysql_real_escape_string — Escapes special characters in a string for use in an SQL statement
so it will escape your parameters but I would not recommend relying wholly on that.
In future versions, php will no longer support mysql or mysqli and you will need to use PDO. A good resource that I have used a number of times for my own projects is http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers.
PDO allows you to create prepared statements and will escape your parameters for you and protect yourself from sql injection. Here is an example of how you could do that using PDO:
$db = new \PDO('mysql:host=localhost;dbname=test;charset=utf8', 'username', 'password');
$stmt = $db->prepare('
SELECT *
FROM `book` AS b
WHERE b.genre = ?
');
$stmt->execute(array('fantasy')); // Will replace the ? with 'fantasy' and escape it
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I need a little help,I'm new in php mysql, and i dont know why does my script not insert the row in database.
I start apache and mysql in xammp and I create the database(users) and the table(users).
Maybe I'm not seeing something, could use a little help.
Config.inc.php
$dbUser = "root";
$dbPass = "";
$dbDatabase = "test";
$dbHost = "localhost";
$dbConn = mysql_connect($dbHost, $dbUser, $dbPass);
if($dbConn){
mysql_select_db($dbDatabase);
print ("Succsess");
}
else {
die("<strong>ERROR</strong>Could Not connect to Database");
}
?>
Index.php
<?php
include("config.inc.php");
print ("<br>Inserting rows ...");
$password = "test";
mysql_query("ISERT INTO `users`(`email`, `password`, `name`) VALUES ('myemail#gmail.com','" . sha1($password) . "' , 'Flamur')");
echo "<br>Done";
?>
I also use sha1 to encrypt my password :P .
Thnx for helping :)
You have got mistake in:
mysql_query("ISERT INTO `users`(`email`, `password`, `name`) VALUES ('myemail#gmail.com','" . sha1($password) . "' , 'Flamur')");
You must use INSERT no ISERT so try to replace your line with this:
mysql_query("INSERT INTO `users`(`email`, `password`, `name`) VALUES ('myemail#gmail.com','" . sha1($password) . "' , 'Flamur')");
It is INSERT not ISERT on your query.
mysql_query("ISERT INTO `users`(`email`, `password`, `name`) VALUES ('myem
^^^^^
Also, This(mysql_*) extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. Switching to PreparedStatements is even more better to ward off SQL Injection attacks !
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
Improve this question
I having a hard time finding how to solve this error:
Call to a member function prepare() on a non-object in
F:\Server\xampplite\htdocs\verif.php on line 6
Whenever I try to compile the script, this error comes up.
I'm clueless on where to insert the database connection.
Here's the script:
$username = 'Admin';
$password = 'password';
$sth = $dbh->prepare('
SELECT
hash
FROM users
WHERE
username = :username
LIMIT 1
');
$sth->bindParam(':username', $username);
$sth->execute();
$user = $sth->fetch(PDO::FETCH_OBJ);
// Hashing the password with its hash as the salt returns the same hash
if ( crypt($password, $user->hash) == $user->hash ) {
// Ok!
}
$dbh is never initialized in the code you pasted.
You can do it this way, assuming you are using a mysql database, the name of your database is testdb, and your database is hosted on the same server as your application (hosted on 127.0.0.1):
<?php
$dsn = 'mysql:dbname=testdb;host=127.0.0.1';
$dbh = new PDO($dsn, $username, $password);
?>
More information in the documentation.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions concerning problems with code you've written must describe the specific problem — and include valid code to reproduce it — in the question itself. See SSCCE.org for guidance.
Closed 9 years ago.
Improve this question
help me with this code i am new to php
<?php
$conn=mysql_connect("localhost","root","","test");
if(isset($_POST['submit']))
{
$sql="INSERT INTO registration(fname,designation,emailid,
address,phonenumber)VALUES('".$_POST['fname']."','".$_POST['designation']."','".$_POST['ema
lid']."', '".$_POST['address']."','".$_POST['phonenumber']."')";
echo $sql;
$result=mysql_query($conn,$sql);
echo $result;
}
else{
echo "Error";
}
?>
its a registration page getting values and inserting it in the table...
You have the parameters around the wrong way here:
$result=mysql_query($conn,$sql);
Try
$result=mysql_query($sql, $conn) or die(mysql_error($conn));
Side notes:
Don't use mysql_*() functions: they're deprecated. Use mysqli_*() versions instead.
You should escape your user inputs with mysql_real_escape_string() to protect against SQL Injection attacks. Consider using prepared statements with mysqli_() instead.
Take a look at this link which is a good tutorial for inserting data (from a form etc.) to a mysql database.
Also: be aware of sql-injection and prevent it. here is a tutorial on how to do this: link
If you want to have readable code, set the $_POST[] values to a variable, and then pass them to the query, it's not different in fact but this is more easy and clean.:
<?php
$conn=mysql_connect("localhost","root","","test");
if(isset($_POST['submit']))
{
$fname = $_POST['fname'];
$designation = $_POST['designation'];
$emailid = $_POST['emailid'];
$address = $_POST['address'];
$phonenumber = $_POST['phonenumber'];
$sql="INSERT INTO registration(fname,designation,emailid,address,phonenumber)";
$sql .="VALUES('$fname', '$designation', '$emailid', '$address', '$phonenumber')";
echo $sql;
$result=mysql_query($conn,$sql);
echo $result;
}
else{
echo "Error";
}
?>
you hade a typing mistake in $_POST['emailid']...
and you can select your database with this:
mysql_select_db('your db name');
put this line after your connection variable means $conn
and this is wrong:
$result = mysql_query ($conn, $sql)
you have to set the query first:
$result = mysql_query($sql, $conn)